{"vulnerability": "CVE-2024-2250", "sightings": [{"uuid": "90a7c307-163f-48bd-9951-9406ffd710cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22507", "type": "seen", "source": "https://t.me/arpsyndicate/3381", "content": "#ExploitObserverAlert\n\nZDI-24-112\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-112. Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-22507.", "creation_timestamp": "2024-02-11T13:14:19.000000Z"}, {"uuid": "b934a118-abf8-4e08-89da-35f1a4380e4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22505", "type": "seen", "source": "https://t.me/arpsyndicate/3432", "content": "#ExploitObserverAlert\n\nZDI-24-106\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-106. Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22505.", "creation_timestamp": "2024-02-11T15:53:39.000000Z"}, {"uuid": "48b6e7bd-2335-4709-be27-3ed4a45308ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22506", "type": "seen", "source": "https://t.me/arpsyndicate/3380", "content": "#ExploitObserverAlert\n\nZDI-24-105\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-105. Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-22506.", "creation_timestamp": "2024-02-11T13:10:40.000000Z"}, {"uuid": "29d13395-30da-4aee-98f1-1841d87448e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22504", "type": "seen", "source": "https://t.me/arpsyndicate/3360", "content": "#ExploitObserverAlert\n\nZDI-24-107\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-107. Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-22504.", "creation_timestamp": "2024-02-11T12:20:51.000000Z"}]}